Ransomware attacks on industrial entities are increasing, with strains adopting ICS-aware mechanisms to disrupt OT systems. Ransomware operators are incorporating data theft operations into their attack techniques, posing greater concern and legal issues for victims. This session will discuss risks and consequences associated with these activities impacting ICS, and how to defend against them.